apiVersion: template.openshift.io/v1
kind: Template
metadata:
  name: external-hosts-template
objects:
# MinIO
  - apiVersion: networking.istio.io/v1alpha3
    kind: ServiceEntry
    metadata:
      name: minio-http-se
      labels:
        app: ${EGRESS_APP}
    spec:
      hosts:
        - ${MINIO_HOST}
      location: MESH_EXTERNAL
      ports:
        - number: ${{MINIO_INTERNAL_PORT}}
          name: http-${MINIO_INTERNAL_PORT}
          protocol: HTTP
        - number: ${{MINIO_EXTERNAL_PORT}}
          name: http-${MINIO_EXTERNAL_PORT}
          protocol: HTTP
      resolution: DNS
  - apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: minio-http-gw
      labels:
        app: ${EGRESS_APP}
    spec:
      selector:
        istio: ${ISTIO_SELECTOR}
      servers:
        - hosts:
            - ${MINIO_HOST}
          port:
            number: ${{EGRESS_PORT}}
            name: http-${EGRESS_PORT}
            protocol: HTTP
  - apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: minio-http-vs
      labels:
        app: ${EGRESS_APP}
    spec:
      exportTo:
        - .
      hosts:
        - ${MINIO_HOST}
      gateways:
        - mesh
        - minio-http-gw
      http:
        - match:
            - gateways:
                - mesh
              port: ${{MINIO_INTERNAL_PORT}}
          rewrite:
            authority: ${MINIO_HOST}
          route:
            - destination:
                host: ${EGRESS_APP}-svc
                port:
                  number: ${{EGRESS_PORT}}
        - match:
            - gateways:
                - minio-http-gw
              port: ${{EGRESS_PORT}}
          rewrite:
            authority: ${MINIO_HOST}
          route:
            - destination:
                host: ${MINIO_HOST}
                port:
                  number: ${{MINIO_EXTERNAL_PORT}}
  - apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: minio-http-dr
      labels:
        app: ${EGRESS_APP}
    spec:
      exportTo:
        - .
      host: ${MINIO_HOST}
      trafficPolicy:
        loadBalancer:
          simple: ROUND_ROBIN
        portLevelSettings:
          - port:
              number: ${{MINIO_EXTERNAL_PORT}}
            tls:
              mode: ${MINIO_TLS_MODE}
              sni: ${MINIO_HOST}
# Database
  - apiVersion: networking.istio.io/v1alpha3
    kind: ServiceEntry
    metadata:
      name: database-se
      labels:
        app: ${EGRESS_APP}
    spec:
      hosts:
        - ${DATABASE_HOST}
      location: MESH_EXTERNAL
      ports:
        - number: ${{DATABASE_PORT}}
          name: tcp-${DATABASE_PORT}
          protocol: TCP
      resolution: DNS
  - apiVersion: networking.istio.io/v1alpha3
    kind: Gateway
    metadata:
      name: database-gw
      labels:
        app: ${EGRESS_APP}
    spec:
      selector:
        istio: ${ISTIO_SELECTOR}
      servers:
        - hosts:
            - ${DATABASE_HOST}
          port:
            number: ${{EGRESS_PORT}}
            name: http-${EGRESS_PORT}
            protocol: HTTP
  - apiVersion: networking.istio.io/v1alpha3
    kind: VirtualService
    metadata:
      name: database-vs
      labels:
        app: ${EGRESS_APP}
    spec:
      exportTo:
        - .
      hosts:
        - ${DATABASE_HOST}
      gateways:
        - mesh
        - database-gw
      http:
        - match:
            - gateways:
                - mesh
              port: ${{DATABASE_PORT}}
          rewrite:
            authority: ${DATABASE_HOST}
          route:
            - destination:
                host: ${EGRESS_APP}-svc
                port:
                  number: ${{EGRESS_PORT}}
        - match:
            - gateways:
                - database-gw
              port: ${{EGRESS_PORT}}
          rewrite:
            authority: ${DATABASE_HOST}
          route:
            - destination:
                host: ${DATABASE_HOST}
                port:
                  number: ${{DATABASE_PORT}}
  - apiVersion: networking.istio.io/v1alpha3
    kind: DestinationRule
    metadata:
      name: database-dr
      labels:
        app: ${EGRESS_APP}
    spec:
      exportTo:
        - .
      host: ${DATABASE_HOST}
      trafficPolicy:
        loadBalancer:
          simple: ROUND_ROBIN
        portLevelSettings:
          - port:
              number: ${{DATABASE_PORT}}
            tls:
              mode: ${DATABASE_TLS_MODE}
              sni: ${DATABASE_HOST}
parameters:
  - name: EGRESS_APP
    required: true
    value: "egress-arachni"
  - name: EGRESS_PORT
    required: true
    value: "9999"
  - name: ISTIO_SELECTOR
    required: true
    value: "egress-arachni"
  - name: MINIO_HOST
    required: true
    value: "minio-lab-1.neo"
  - name: MINIO_INTERNAL_PORT
    required: true
    value: "80"
  - name: MINIO_EXTERNAL_PORT
    required: true
    value: "9000"
  - name: MINIO_TLS_MODE
    required: true
    value: "DISABLE"
  - name: DATABASE_HOST
    required: true
    value: "postgres-lab-1.neo"
  - name: DATABASE_PORT
    required: true
    value: "5432"
  - name: DATABASE_TLS_MODE
    required: true
    value: "DISABLE"
